Free Isaca CGEIT Exam Questions

Become Isaca Certified with updated CGEIT exam questions and correct answers

Page: 1 / 117

Total 585 Questions | Updated On: Mar 10, 2025

Add To Cart

Question 1

The IT program manager does not see the value of conducting risk assessments for a new major IT project. The manager is reluctant to cooperate with internal auditors and the newly formed steering committee. Midway through the project, program requirements were changed because the CEO is a friend of a vendor and wants to implement this vendor's new technology. This decision will cause the current IT program budget to be insufficient and will be shown as overspending. After the requirement change request, the IT program manager should FIRST:

A : obtain confirmation from the business and a decision by the steering committee.

B : request additional funding from the business owner to cover the additional scope.

C : report the matter to internal audit as a program deviation to be reviewed.

D : align IT with the business and agree to the business request.

Answer: A

Question 2

Which of the following BEST helps to ensure that IT policies are aligned with organizational strategies?

A : The policies are approved by the board of directors.

B : The policies are developed using a top-down approach.

C : The policies are updated annually.

D : The policies are periodically audited.

Answer: B

Question 3

Which of the following is the MOST important reason to include internal audit as a stakeholder when establishing clear roles for the governance of IT?

A : ternal audit is accountable for the overall enterprise governance of IT.

B : ternal audit has knowledge and technical expertise to advise on IT infrastructure.

C : Internal audit implements controls over IT risks and security.

D : Internal audit provides input on relevant issues and control processes.

Answer: D

Question 4

IT security is concerned with employees' increasing use of personal equipment for work-related purposes, while employees claim it allows them to be more productive. A decision on whether to modify the enterprise information security policy should be based on:

A : audit findings.

B : user access approval procedures.

C : the impact to security.

D : a risk and benefit evaluation.

Answer: D

Question 5

Within a governance structure for risk management, which of the following activities should be performed by the second line of defense?

A : Conducting internal and external audits

B : Implementing controls to manage risk

C : Monitoring risk and controls

D : Identifying and assessing risk

Answer: C

Page: 1 / 117

Total 585 Questions | Updated On: Mar 10, 2025

Add To Cart